ae_declarative_authorization 0.8.0 → 0.9.0

data/test/profiles/access_checking

@@ -18,3 +18,23 @@ UsersController
 ParamsBlockArityTest::ParamsBlockArityTestController
 UsersController
 ParamsBlockArityTest::ParamsBlockArityTestController
+UsersController
+ParamsBlockArityTest::ParamsBlockArityTestController
+UsersController
+ParamsBlockArityTest::ParamsBlockArityTestController
+UsersController
+ParamsBlockArityTest::ParamsBlockArityTestController
+UsersController
+ParamsBlockArityTest::ParamsBlockArityTestController
+UsersController
+ParamsBlockArityTest::ParamsBlockArityTestController
+UsersController
+ParamsBlockArityTest::ParamsBlockArityTestController
+UsersController
+ParamsBlockArityTest::ParamsBlockArityTestController
+UsersController
+ParamsBlockArityTest::ParamsBlockArityTestController
+UsersController
+ParamsBlockArityTest::ParamsBlockArityTestController
+UsersController
+ParamsBlockArityTest::ParamsBlockArityTestController

data/test/{controller_test.rb → rails_controller_test.rb}

@@ -266,10 +266,10 @@ class LoadObjectControllerTest < ActionController::TestCase
       request!(MockUser.new(:test_role), "show", reader)
     end
 
-    Authorization::AuthorizationInController.failed_auto_loading_is_not_found = false
+    Authorization::Controller::Runtime.failed_auto_loading_is_not_found = false
     request!(MockUser.new(:test_role), "show", reader)
     assert !@controller.authorized?
-    Authorization::AuthorizationInController.failed_auto_loading_is_not_found = true
+    Authorization::Controller::Runtime.failed_auto_loading_is_not_found = true
   end
 
   def test_filter_access_with_object_load_custom

data/test/test_helper.rb

@@ -15,21 +15,9 @@ ENV['RAILS_ENV'] = 'test'
 require 'rails/all'
 require 'test_support/minitest_compatibility'
 
-if Rails.version < '4.2'
-  raise "Unsupported Rails version #{Rails.version}"
-end
-
-puts "Testing against rails #{Rails::VERSION::STRING}"
-
-if Rails.version >= '5.0'
-  require 'rails-controller-testing'
-  Rails::Controller::Testing.install
-end
-
 DA_ROOT = Pathname.new(File.expand_path("..", File.dirname(__FILE__)))
 
 require DA_ROOT + File.join(%w{lib declarative_authorization authorization})
-require DA_ROOT + File.join(%w{lib declarative_authorization in_controller})
 require DA_ROOT + File.join(%w{lib declarative_authorization maintenance})
 require DA_ROOT + File.join(%w{lib declarative_authorization test helpers})
 
@@ -77,69 +65,12 @@ class MockUser < MockDataObject
   end
 end
 
-class MocksController < ActionController::Base
-  attr_accessor :current_user
-  attr_writer :authorization_engine
-
-  def authorized?
-    !!@authorized
-  end
-
-  def self.define_action_methods(*methods)
-    methods.each do |method|
-      define_method method do
-        @authorized = true
-        render :plain => 'nothing'
-      end
-    end
-  end
-
-  def self.define_resource_actions
-    define_action_methods :index, :show, :edit, :update, :new, :create, :destroy
-  end
-
-  def logger(*args)
-    Class.new do
-      def warn(*args)
-        #p args
-      end
-      alias_method :info, :warn
-      alias_method :debug, :warn
-      def warn?; end
-      alias_method :info?, :warn?
-      alias_method :debug?, :warn?
-    end.new
-  end
-end
-
 class User < ActiveRecord::Base
   attr_accessor :role_symbols
 
   scope :visible_by, ->(user) { where(id: user.id) }
 end
 
-class TestApp
-  class Application < ::Rails::Application
-    config.eager_load                 = false
-    config.secret_key_base            = 'testingpurposesonly'
-    config.active_support.deprecation = :stderr
-    config.paths['config/database']   = File.expand_path('../database.yml', __FILE__)
-    config.active_support.test_order  = :random
-    initialize!
-  end
-end
-
-class ApplicationController < ActionController::Base
-end
-
-Rails.application.routes.draw do
-  match '/name/spaced_things(/:action)' => 'name/spaced_things', via: [:get, :post, :put, :patch, :delete]
-  match '/deep/name_spaced/things(/:action)' => 'deep/name_spaced/things', via: [:get, :post, :put, :patch, :delete]
-  match '/:controller(/:action(/:id))', via: [:get, :post, :put, :patch, :delete]
-end
-
-ActionController::Base.send :include, Authorization::AuthorizationInController
-
 module Test
   module Unit
     class TestCase < Minitest::Test
@@ -160,10 +91,13 @@ module ActiveSupport
       ((params.delete(:clear) || []) + [:@authorized]).each do |var|
         @controller.instance_variable_set(var, nil)
       end
+
+      method = params.delete(:method) || :get
+
       if Rails.version >= '5.0'
-        get action, params: params
+        send method, action, params: params
       else
-        get action, params
+        send method, action, params
       end
     end
 
@@ -172,3 +106,12 @@ module ActiveSupport
     end
   end
 end
+
+require 'test_support/rails'
+
+begin
+  require 'grape'
+  require 'test_support/grape'
+rescue LoadError
+  # Grape is not defined in the gemspec so the Grape tests will not be run
+end

data/test/test_support/grape.rb

@@ -0,0 +1,93 @@
+require 'grape'
+require 'mocha/minitest'
+
+require DA_ROOT + File.join(%w{lib declarative_authorization controller grape})
+
+class ApiTestCase < ActiveSupport::TestCase
+  include Rack::Test::Methods
+  include Authorization::TestHelper
+
+  class << self
+    attr_accessor :api
+  end
+
+  attr_accessor :last_endpoint
+
+  def self.tests(api)
+    @api = api
+  end
+
+  def app
+    self.class.api
+  end
+
+  def request!(user, action, reader, params = {}, &block)
+    Grape::Endpoint.before_each do |endpoint|
+      self.last_endpoint = endpoint
+
+      engine = Authorization::Engine.new(reader)
+      endpoint.stubs(:current_user).returns(user)
+      endpoint.stubs(:authorization_engine).returns(engine)
+
+      ((params.delete(:clear) || []) + [:@authorized]).each do |var|
+        endpoint.instance_variable_set(var, nil)
+      end
+
+      yield endpoint if block_given?
+    end
+
+    method = params.delete(:method) || :get
+    send method, action #, params
+  end
+end
+
+class MocksAPI < Grape::API
+  include Authorization::Controller::Grape
+
+  helpers do
+    attr_accessor :authorized
+
+    def authorization_engine
+    end
+
+    def current_user
+    end
+
+    def authorized?
+      !!@authorized
+    end
+  end
+
+
+  def self.define_action_methods(*methods)
+    resource_name = name.to_param.underscore.gsub(/_api$/, '')
+    resources resource_name do
+      methods.each do |method|
+        get method do
+          @authorized = true
+          'nothing'
+        end
+      end
+    end
+  end
+
+  def self.define_resource_actions
+    define_action_methods :index, :show, :edit, :update, :new, :create, :destroy
+  end
+
+  def logger(*args)
+    Class.new do
+      def warn(*args)
+        #p args
+      end
+      alias_method :info, :warn
+      alias_method :debug, :warn
+      def warn?; end
+      alias_method :info?, :warn?
+      alias_method :debug?, :warn?
+    end.new
+  end
+end
+
+class ApplicationAPI < ActionController::Base
+end

data/test/test_support/rails.rb

@@ -0,0 +1,69 @@
+require DA_ROOT + File.join(%w{lib declarative_authorization controller rails})
+
+if Rails.version < '4.2'
+  raise "Unsupported Rails version #{Rails.version}"
+end
+
+puts "Testing against rails #{Rails::VERSION::STRING}"
+
+if Rails.version >= '5.0'
+  require 'rails-controller-testing'
+  Rails::Controller::Testing.install
+end
+
+class TestApp
+  class Application < ::Rails::Application
+    config.eager_load                 = false
+    config.secret_key_base            = 'testingpurposesonly'
+    config.active_support.deprecation = :stderr
+    config.paths['config/database']   = File.expand_path('../../database.yml', __FILE__)
+    config.active_support.test_order  = :random
+    initialize!
+  end
+end
+
+class MocksController < ActionController::Base
+  attr_accessor :current_user
+  attr_writer :authorization_engine
+
+  def authorized?
+    !!@authorized
+  end
+
+  def self.define_action_methods(*methods)
+    methods.each do |method|
+      define_method method do
+        @authorized = true
+        render :plain => 'nothing'
+      end
+    end
+  end
+
+  def self.define_resource_actions
+    define_action_methods :index, :show, :edit, :update, :new, :create, :destroy
+  end
+
+  def logger(*args)
+    Class.new do
+      def warn(*args)
+        #p args
+      end
+      alias_method :info, :warn
+      alias_method :debug, :warn
+      def warn?; end
+      alias_method :info?, :warn?
+      alias_method :debug?, :warn?
+    end.new
+  end
+end
+
+class ApplicationController < ActionController::Base
+end
+
+Rails.application.routes.draw do
+  match '/name/spaced_things(/:action)' => 'name/spaced_things', via: [:get, :post, :put, :patch, :delete]
+  match '/deep/name_spaced/things(/:action)' => 'deep/name_spaced/things', via: [:get, :post, :put, :patch, :delete]
+  match '/:controller(/:action(/:id))', via: [:get, :post, :put, :patch, :delete]
+end
+
+ActionController::Base.send :include, Authorization::Controller::Rails

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ae_declarative_authorization
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - AppFolio
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-17 00:00:00.000000000 Z
+date: 2018-10-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: blockenspiel
@@ -69,14 +69,17 @@ files:
 - gemfiles/rails507.gemfile
 - gemfiles/rails507.gemfile.lock
 - gemfiles/rails516.gemfile
-- gemfiles/rails516.gemfile.lock
 - gemfiles/rails521.gemfile
 - gemfiles/rails521.gemfile.lock
 - init.rb
 - lib/declarative_authorization.rb
 - lib/declarative_authorization/authorization.rb
+- lib/declarative_authorization/controller/dsl.rb
+- lib/declarative_authorization/controller/grape.rb
+- lib/declarative_authorization/controller/rails.rb
+- lib/declarative_authorization/controller/runtime.rb
+- lib/declarative_authorization/controller_permission.rb
 - lib/declarative_authorization/helper.rb
-- lib/declarative_authorization/in_controller.rb
 - lib/declarative_authorization/in_model.rb
 - lib/declarative_authorization/maintenance.rb
 - lib/declarative_authorization/obligation_scope.rb
@@ -89,23 +92,26 @@ files:
 - lib/generators/authorization/rules/templates/authorization_rules.rb
 - lib/tasks/authorization_tasks.rake
 - log/test.log
-- pkg/ae_declarative_authorization-0.7.1.gem
-- pkg/ae_declarative_authorization-0.8.0.gem
+- pkg/ae_declarative_authorization-0.9.0.gem
+- pkg/ae_declarative_authorization-0.9.0.tim1.gem
 - test/authorization_test.rb
 - test/controller_filter_resource_access_test.rb
-- test/controller_test.rb
 - test/database.yml
 - test/dsl_reader_test.rb
 - test/functional/filter_access_to_with_id_in_scope_test.rb
 - test/functional/no_filter_access_to_test.rb
 - test/functional/params_block_arity_test.rb
+- test/grape_api_test.rb
 - test/helper_test.rb
 - test/maintenance_test.rb
 - test/model_test.rb
 - test/profiles/access_checking
+- test/rails_controller_test.rb
 - test/schema.sql
 - test/test_helper.rb
+- test/test_support/grape.rb
 - test/test_support/minitest_compatibility.rb
+- test/test_support/rails.rb
 homepage: http://github.com/appfolio/ae_declarative_authorization
 licenses:
 - MIT
@@ -126,7 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 2.5.2
 signing_key: 
 specification_version: 4
 summary: ae_declarative_authorization is a Rails gem for maintainable authorization
@@ -134,16 +140,19 @@ summary: ae_declarative_authorization is a Rails gem for maintainable authorizat
 test_files:
 - test/authorization_test.rb
 - test/controller_filter_resource_access_test.rb
-- test/controller_test.rb
 - test/database.yml
 - test/dsl_reader_test.rb
 - test/functional/filter_access_to_with_id_in_scope_test.rb
 - test/functional/no_filter_access_to_test.rb
 - test/functional/params_block_arity_test.rb
+- test/grape_api_test.rb
 - test/helper_test.rb
 - test/maintenance_test.rb
 - test/model_test.rb
 - test/profiles/access_checking
+- test/rails_controller_test.rb
 - test/schema.sql
 - test/test_helper.rb
+- test/test_support/grape.rb
 - test/test_support/minitest_compatibility.rb
+- test/test_support/rails.rb

data/gemfiles/rails516.gemfile.lock

@@ -1,136 +0,0 @@
-PATH
-  remote: ..
-  specs:
-    ae_declarative_authorization (0.7.1)
-      blockenspiel (~> 0.5.0)
-      rails (>= 4.2.5.2, < 6)
-
-GEM
-  remote: http://rubygems.org/
-  specs:
-    actioncable (5.1.6)
-      actionpack (= 5.1.6)
-      nio4r (~> 2.0)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.1.6)
-      actionpack (= 5.1.6)
-      actionview (= 5.1.6)
-      activejob (= 5.1.6)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (5.1.6)
-      actionview (= 5.1.6)
-      activesupport (= 5.1.6)
-      rack (~> 2.0)
-      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.1.6)
-      activesupport (= 5.1.6)
-      builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.1.6)
-      activesupport (= 5.1.6)
-      globalid (>= 0.3.6)
-    activemodel (5.1.6)
-      activesupport (= 5.1.6)
-    activerecord (5.1.6)
-      activemodel (= 5.1.6)
-      activesupport (= 5.1.6)
-      arel (~> 8.0)
-    activesupport (5.1.6)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    appraisal (2.2.0)
-      bundler
-      rake
-      thor (>= 0.14.0)
-    arel (8.0.0)
-    blockenspiel (0.5.0)
-    builder (3.2.3)
-    concurrent-ruby (1.0.5)
-    crass (1.0.4)
-    erubi (1.7.1)
-    globalid (0.4.1)
-      activesupport (>= 4.2.0)
-    i18n (1.1.0)
-      concurrent-ruby (~> 1.0)
-    loofah (2.2.2)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.0)
-      mini_mime (>= 0.1.1)
-    metaclass (0.0.4)
-    method_source (0.9.0)
-    mini_mime (1.0.1)
-    mini_portile2 (2.3.0)
-    minitest (5.11.3)
-    mocha (1.7.0)
-      metaclass (~> 0.0.1)
-    nio4r (2.3.1)
-    nokogiri (1.8.4)
-      mini_portile2 (~> 2.3.0)
-    rack (2.0.5)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (5.1.6)
-      actioncable (= 5.1.6)
-      actionmailer (= 5.1.6)
-      actionpack (= 5.1.6)
-      actionview (= 5.1.6)
-      activejob (= 5.1.6)
-      activemodel (= 5.1.6)
-      activerecord (= 5.1.6)
-      activesupport (= 5.1.6)
-      bundler (>= 1.3.0)
-      railties (= 5.1.6)
-      sprockets-rails (>= 2.0.0)
-    rails-controller-testing (1.0.2)
-      actionpack (~> 5.x, >= 5.0.1)
-      actionview (~> 5.x, >= 5.0.1)
-      activesupport (~> 5.x)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.4)
-      loofah (~> 2.2, >= 2.2.2)
-    railties (5.1.6)
-      actionpack (= 5.1.6)
-      activesupport (= 5.1.6)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (12.3.1)
-    sprockets (3.7.2)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    sqlite3 (1.3.13)
-    thor (0.20.0)
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    websocket-driver (0.6.5)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  ae_declarative_authorization!
-  appraisal (~> 2.1)
-  mocha (~> 1.0)
-  rails (= 5.1.6)
-  rails-controller-testing
-  sqlite3
-
-BUNDLED WITH
-   1.16.3